Modifying Entries Using ldapmodify

Ensure that you use the ldapmodify utility
that is provided as a part of the Directory Server Enterprise Edition software.

Use the changetype: modify keyword to add, replace,
or remove attributes and their values in an existing entry. When you specify changetype: modify, you must also provide one or more change operations
to indicate how the entry is to be modified. The three possible LDIF change
operations are shown in the following example:

Use a hyphen (-) on a line to separate operations
on the same entry, and use a blank line to separate groups of operations on
different entries. You can also give several attribute: value pairs for each operation.

Adding an Attribute Value

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

The following example shows how you can use the same add LDIF
syntax to add values to existing multi-valued attribute and to attributes
that do not yet exist:

Using the Binary Attribute Subtype

Theattribute;binary subtype indicates that attribute values must be transported
over LDAP as binary data, regardless of their actual syntax. This subtype
is designed for complex syntax that does not have LDAP string representations,
such as userCertificate. The binary subtype should not
be used outside of this purpose.

When used with the ldapmodify command, appropriate
subtypes can be added to attribute names in any of the LDIF statements.

To enter a binary value, you may type it directly in the LDIF text or
read it from another file. The LDIF syntax for reading it from a file is shown
in the following example:

To use the :< syntax to specify a file name, you
must begin the LDIF statement with the line version: 1.
When ldapmodify processes this statement, it will set
the attribute to the value that is read from the entire contents of the given
file.

By default, the search returns the binary attributes when used with
the ;binary option. Set the compat-flag to norfc4522 to disable rfc4522 compliance.

Adding an Attribute With a Language Subtype

Language and
pronunciation subtypes of attributes designate localized values. When you
specify a language subtype for an attribute, the subtype is added to the attribute
name as follows:

attribute;lang-CC

where attribute is an existing attribute
type, and cc is the two-letter country code to
designate the language. You may optionally add a pronunciation subtype to
a language subtype to designate a phonetic equivalent for the localized value.
In this case the attribute name is as follows:

attribute;lang-CC;phonetic

To perform an operation on an attribute with a subtype, you must explicitly
match its subtype. For example, if you want to modify an attribute value that
has the lang-fr language subtype, you must include lang-fr in the modify operation as follows:

All current values of the specified attributes are removed, and all
given values are added.

After changing an attribute value, you can use the ldapsearch command
to verify the change.

Trailing Spaces in Attribute Values

When you modify an attribute value, do not unintentionally include trailing
spaces at the end of the value. The trailing spaces are stored in the server
as part of the attribute's value, and leads to unexpected values being stored

When you verify the change using DSCC or the ldapsearch command,
the value you see might be plain text or some other unexpected value. This
depends on which Directory Server client you use.